136 lines
4.2 KiB
Go
136 lines
4.2 KiB
Go
//
|
|
// Copyright (c) 2019-2023 Red Hat, Inc.
|
|
// This program and the accompanying materials are made
|
|
// available under the terms of the Eclipse Public License 2.0
|
|
// which is available at https://www.eclipse.org/legal/epl-2.0/
|
|
//
|
|
// SPDX-License-Identifier: EPL-2.0
|
|
//
|
|
// Contributors:
|
|
// Red Hat, Inc. - initial API and implementation
|
|
//
|
|
|
|
package server
|
|
|
|
import (
|
|
"context"
|
|
"fmt"
|
|
"testing"
|
|
|
|
"github.com/eclipse-che/che-operator/pkg/deploy"
|
|
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
|
|
|
|
"k8s.io/apimachinery/pkg/runtime"
|
|
|
|
"github.com/devfile/devworkspace-operator/pkg/infrastructure"
|
|
chev2 "github.com/eclipse-che/che-operator/api/v2"
|
|
"github.com/eclipse-che/che-operator/pkg/common/test"
|
|
"github.com/stretchr/testify/assert"
|
|
rbac "k8s.io/api/rbac/v1"
|
|
"k8s.io/apimachinery/pkg/types"
|
|
)
|
|
|
|
func TestSyncPermissions(t *testing.T) {
|
|
infrastructure.InitializeForTesting(infrastructure.OpenShiftv4)
|
|
|
|
type testCase struct {
|
|
name string
|
|
checluster *chev2.CheCluster
|
|
}
|
|
|
|
testCases := []testCase{
|
|
{
|
|
name: "Test case #1",
|
|
checluster: &chev2.CheCluster{
|
|
ObjectMeta: metav1.ObjectMeta{
|
|
Name: "eclipse-che",
|
|
Namespace: "eclipse-che",
|
|
},
|
|
Spec: chev2.CheClusterSpec{
|
|
Components: chev2.CheClusterComponents{
|
|
CheServer: chev2.CheServer{
|
|
ClusterRoles: []string{"test-role"},
|
|
},
|
|
},
|
|
},
|
|
},
|
|
},
|
|
}
|
|
|
|
for _, testCase := range testCases {
|
|
t.Run(testCase.name, func(t *testing.T) {
|
|
ctx := test.GetDeployContext(testCase.checluster, []runtime.Object{})
|
|
|
|
reconciler := NewCheServerReconciler()
|
|
|
|
done, err := reconciler.syncPermissions(ctx)
|
|
assert.True(t, done)
|
|
assert.Nil(t, err)
|
|
|
|
names := []string{
|
|
fmt.Sprintf(userCommonPermissionsTemplateName, ctx.CheCluster.Namespace),
|
|
fmt.Sprintf(cheSASpecificPermissionsTemplateName, ctx.CheCluster.Namespace),
|
|
fmt.Sprintf(userDevWorkspacePermissionsTemplateName, ctx.CheCluster.Namespace),
|
|
}
|
|
|
|
for _, name := range names {
|
|
assert.True(t, test.IsObjectExists(ctx.ClusterAPI.Client, types.NamespacedName{Name: name}, &rbac.ClusterRole{}))
|
|
assert.True(t, test.IsObjectExists(ctx.ClusterAPI.Client, types.NamespacedName{Name: name}, &rbac.ClusterRoleBinding{}))
|
|
}
|
|
assert.True(t, test.IsObjectExists(ctx.ClusterAPI.Client, types.NamespacedName{Name: "test-role"}, &rbac.ClusterRoleBinding{}))
|
|
|
|
done = reconciler.deletePermissions(ctx)
|
|
assert.True(t, done)
|
|
|
|
for _, name := range names {
|
|
assert.False(t, test.IsObjectExists(ctx.ClusterAPI.Client, types.NamespacedName{Name: name}, &rbac.ClusterRole{}))
|
|
assert.False(t, test.IsObjectExists(ctx.ClusterAPI.Client, types.NamespacedName{Name: name}, &rbac.ClusterRoleBinding{}))
|
|
}
|
|
assert.False(t, test.IsObjectExists(ctx.ClusterAPI.Client, types.NamespacedName{Name: "test-role"}, &rbac.ClusterRoleBinding{}))
|
|
})
|
|
}
|
|
}
|
|
|
|
// TestSyncClusterRoleBinding tests that CRB is deleted when no roles are specified in CR.
|
|
func TestSyncPermissionsWhenCheClusterUpdated(t *testing.T) {
|
|
infrastructure.InitializeForTesting(infrastructure.OpenShiftv4)
|
|
|
|
cheCluster := &chev2.CheCluster{
|
|
ObjectMeta: metav1.ObjectMeta{
|
|
Name: "eclipse-che",
|
|
Namespace: "eclipse-che",
|
|
},
|
|
Spec: chev2.CheClusterSpec{
|
|
Components: chev2.CheClusterComponents{
|
|
CheServer: chev2.CheServer{
|
|
ClusterRoles: []string{"test-role"},
|
|
},
|
|
},
|
|
},
|
|
}
|
|
|
|
ctx := test.GetDeployContext(cheCluster, []runtime.Object{})
|
|
reconciler := NewCheServerReconciler()
|
|
|
|
done, err := reconciler.syncPermissions(ctx)
|
|
assert.True(t, done)
|
|
assert.NoError(t, err)
|
|
|
|
err = deploy.ReloadCheClusterCR(ctx)
|
|
assert.NoError(t, err)
|
|
|
|
assert.True(t, test.IsObjectExists(ctx.ClusterAPI.Client, types.NamespacedName{Name: "test-role"}, &rbac.ClusterRoleBinding{}))
|
|
assert.Equal(t, ctx.CheCluster.Finalizers, []string{"test-role.crb.finalizers.che.eclipse.org"})
|
|
|
|
ctx.CheCluster.Spec.Components.CheServer.ClusterRoles = []string{}
|
|
err = ctx.ClusterAPI.Client.Update(context.TODO(), ctx.CheCluster)
|
|
assert.NoError(t, err)
|
|
|
|
done, err = reconciler.syncPermissions(ctx)
|
|
assert.True(t, done)
|
|
assert.NoError(t, err)
|
|
|
|
assert.False(t, test.IsObjectExists(ctx.ClusterAPI.Client, types.NamespacedName{Namespace: "eclipse-che", Name: "test-role"}, &rbac.ClusterRoleBinding{}))
|
|
assert.Empty(t, ctx.CheCluster.Finalizers)
|
|
}
|